Worm Munches Away at Critical Windows Flaw
Article by George Norman
On 04 Nov 2008
The saga of the MS08-67 security flaw that affects Windows XP, Vista, Windows 2000, Server 2003 and Server 2008 continues. First there was the out-of-date patch released by Microsoft late October, which caught everyone’s eye because Microsoft rarely breaks the update cycle it has in place, unless the problem is big, it affects a fundamental part of the Windows OS, and is exploitable. After the patch was released, a round of explanations ensued, since everyone was intrigued and wanted to find out more about the flaw. The next chapter in this saga was releasing an exploit in the wild such as the Milw0rm and Metasploit ones.

Just as the security experts were expecting, a worm that takes advantage of unpatched, vulnerable Windows-based systems has been detected in the wild. A notice caught my eye the other day - it seems that F-Secure, company that specializes in providing antivirus software solutions and internet security, has detected a worm loose on the net that it is capable of exploiting the MS08-67 vulnerability.


“The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi. The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration. The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg.” says F-Secure.

Symantec, company best known for its Norton Internet Security and Norton 360 security software, also detected a worm that exploits MS08-67 and has called it “Wecorl”. Once the worm infects a system it attempts to download software to that machine (which is most likely malware) and then tries to connect with other machines on the local subnet.

The worm affects only Windows 2000, XP, and Server 2003 – for these operating systems the MS08-67 flaw was deemed critical. Windows Vista and Server 2008, for whom the flaw is only “important”, are currently safe from the worm menace, but who is to say if that will remain so. The best course of action is to patch your Windows OS and update your antivirus software.

Tags: Microsoft, Windows, MS08-67
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Worm Munches Away at Critical Windows Flaw
HTML Linking Code